By Alma Angotti, Rachel Sazanowicz
On December 21, 2022, the New York Department of Financial Services (DFS) issued proposed guidance (the Guidance1) for New York State-regulated banking organizations, branches, and agencies of foreign banking organizations, and mortgage bankers and servicers (Covered Institutions) on climate change risk management. The Guidance supplements DFS’ prior October 2020 industry letter2 that set forth its expectation that Covered Institutions begin to integrate climate-related financial risk (CRFR) into their governance frameworks, risk management processes, and business strategies. The Guidance advises institutions on best practices to identify, measure, monitor, and control CRFRs that threaten operational resilience and safety and soundness.
Managing climate change risk is necessary for Covered Institutions to both thrive in today’s global, competitive financial landscape, and to foster resilience of the New York financial system. While stressing the importance of integration of CRFR, DFS provides Covered Institutions three themes to consider:
Risks are Evolving — When adjusting their management of CRFR with regard to operations and investments, Covered Institutions will need to rely on data and other climate change information on issues, such as natural disasters and population growth, that are constantly changing. DFS, however, will not accept that excuse as a justification for inaction. Covered Institutions should consider the dynamic nature of CRFR and search for overall trends and patterns in climate-related data when designing their approaches and methodologies to CRFR management
Approaches to CRFR should Consider the Size and Complexity of the Covered Institution — The Guidance notes that Covered Institutions should consider their CRFR exposure as well as their size, geography, resource availability, and complexity when implementing CRFR management. Additionally, an Institution should take a risk-based approach to climate risks, based on both current and forward-looking risk exposure
Covered Institutions Must Still Comply with Fair Lending Obligations — Low- and moderate-income communities and communities of color are disproportionately harmed by climate change and natural disasters. The Guidance emphasizes that mitigation of CRFR implemented by the Covered Institution cannot cause additional undue harm or disadvantage to at-risk communities
Climate risks are categorized as either physical risks or transition risks. Physical risks are weather-related volatility, such as natural disasters, and they affect infrastructure, real property, and personal safety. Transition risks are economic and behavioral shifts associated with the policy, technology, consumer, and investor preference, and liability risk changes.
Covered Institutions should consider both physical and transition risks in a CRFR management framework.
An institution’s governance framework is expected to include a process for identifying, measuring, monitoring, and controlling the institution’s CRFR.
1. Business Environment Strategy
Institutions should incorporate climate risk into their risk management framework by considering questions such as:
2. Board and Management Oversight
An Institution’s board and management should have adequate understanding and knowledge to assess CRFR and their impacts on the risk appetite of the organization when integrating climate change into the risk appetite framework. This oversight may include:
3. Policies, Procedures, and Limits
CRFR management should be embedded into policies and procedures and controls across relevant functions and business units. It should be modified when necessary to reflect changes in risk and the institution’s activities.
Internal Control Framework
Institutions should incorporate CRFR into their three lines of defense:
Risk Management Process
Institutions should manage their CRFR through their existing risk management framework as follows:
Data Aggregation and Reporting
Institutions should develop risk data aggregation capabilities and risk reporting practices to monitor material climate risk and produce timely information to facilitate board and management decision-making. The monitoring and management information systems should be consistent with the nature, scale, complexity, and diversity of the organization’s operations and level of exposure to climate risk.
Climate scenario analysis may be a useful tool in identifying, anticipating, managing, and measuring climate risks. The analysis should consider a range of scenarios based on assumptions regarding impact of climate risk over different time horizons to assess the resilience of their business models and strategies, identify and measure vulnerability, estimate exposures and potential impacts, and determine the materiality of climate risks. In the near term, a scenario analysis can assist in identifying data and methodological limitations and uncertainty in managing these risks that may need to be addressed.
The DFS has made clear its expectation that Covered Institutions begin to integrate CRFR into their governance frameworks, risk management processes, and business strategies, while also emphasizing that uncertainty and data gaps should not justify inaction.
Although there is no implementation timeline, Institutions should review and consider incorporating the recommendations highlighted by the DFS even if there are uncertainties and gaps in the data. An institution’s board and management must oversee the incorporation of the Guidance into its business strategy, risk management, and controls to address the physical and transient risks posed by climate change, while ensuring that decisions do not negatively impact at-risk communities, fair lending practices, and consumer protection. The institution should also collect data on the material risks and conduct scenario analysis to more accurately determine the materiality of the potential risks that should be used to make updates related to CRFR that are more specific to the institution.
Guidehouse can help financial institutions conduct assessments in light of the proposed regulatory and guidance changes, including determining changed obligations under the proposed rules and guidance, and developing and implementing updates to operations, policies, procedures, controls, and technology. Its areas of relevant expertise include the following:
Guidehouse can review and assess your program and policies and procedures to help determine whether it is sound, identify gaps or weaknesses, or conduct training on ESG, AML, CDD, and Sanctions compliance, including blockchain tracing and analytics. Guidehouse is well-equipped to make an individualized assessment of your unique circumstances and offer innovative advice and solutions for responding to heightened regulatory requirements.
This article is co-authored by Ji Kang.
Complexity demands a trusted guide with the unique expertise and cross-sector versatility to deliver unwavering success. We work with organizations across regulated commercial and public sectors to catalyze transformation and pioneer new directions for those navigating the global energy transformation.